Portal Access Authorized Emails
Use this page to control who can sign in to the Developer Portal for a given client.
What this page is for
This is different from collection/policy assignment:
- Portal access + authorized emails controls who can log in to portal.
- Collection/policy assignment controls what an already-authorized client can call.
Configure portal access
- Open Access Control -> Clients.
- Select target client.
- Enable portal access (
has_portal_access/ portal toggle). - Add allowed email list for that client.
- Save changes.
Validation steps
- Request magic link with an approved email -> expect success.
- Request magic link with non-approved email -> expect deny/no-access response.
- Validate magic-link token and confirm only allowed client context appears.
- Check audit logs include admin actor and updated authorized-emails config.
Example scenario
Scenario: only @partner.example.com users should enter partner portal scope.
curl -i "https://gateway.example.com/api/v1/developer-portal/request-link" \
-H "Content-Type: application/json" \
-d '{"email":"[email protected]"}'
Repeat with a non-approved email and confirm access is denied.
Evidence to capture
- Magic-link request result for approved vs non-approved email.
- Audit entry showing who changed authorized email list.
- Portal session context showing correct client binding after login.
Extra negative test
Use a previously approved email removed from the list and verify portal access no longer works.
Rollback checkpoint
If legitimate users are blocked, restore the previous authorized email list and retest one approved and one denied email.